This will create a command called back2 that executes the command to go back two directories (../../)You can run this command from the terminal session you created it in simply by calling it's name: 'back2' with no quotes.However, these are only stored in memory, and destroys itself after the terminal session is closed.To make this command stay forever, we go to our home directory

and edit the .bashrc file.Adding our command in there the same way as before will allow the command to live for as long as it is located in the file.

So I then read more today and learned about bash scripting, which I had very slim knowledge of before and never tried to learn until today. I decided it would be cool because you could use a bash script to write your own alias keywords for you.

Then of course me and my crazy ideas (Flash back to when I renamed my Desktop to .Desktop) I thought about changing commands that are commonly used. For instance, the command cd is used so much, so let's tweak it..

The command above would make someone stay in the home directory no matter where they try to change directories to. (I created a directory called Fail, and keep it stuck in that directory)

So anywho, I thought well this could be potentially useful if someone did mange to ssh into my machine, or I am gone from my computer, etc.. The only issue is that it would be a pain in the ass to remember all of the commands that I make, and trying not to fall into traps, etc... This is also not effective if the user knows about the alias command, they could simply run:

So I came up with an idea. I wanted a way to allow me to use certain commands, and disallow them if they are not me. So, for instance, if someone wanted to run a sudo command, they would get prompted for a complete different password that can be anything, so that if someone bruteforced into my machine via ssh, when they try to run a certain command, they will get prompted for the chosen password. Basically if the password is answered, the user can continue about their day with no further encounters of the issue, unless specified otherwise. However, if the password is incorrect, I want to shut them out from using any commands, besides a very few specified commands. Since everything is on the machine, the last thing you would want is someone to get in your machine, and get your password wrong, because the effects take place on your machine in your .bashrc file! This would mean if someone tunneled into my machine and answered the password wrong, I would suffer from it, and not be able to use any commands!!! This could be dangerous, so we need a work around which I will explain later.

So the first step needed is to make a directory called Fail in my home directory; so I ran

This will be where we send the user striped from most useful commands, when they try to use the machine with unauthorized access.Next, we need to edit our .bashrc file located at ~/.bashrc and add the following commands which we will explain why later

# If there is no file called .bashrc2, we copy .bashrc2 to that name# This is useful for our next script fix.sh# Note that any time we mv/make/copy a file we need to chmod a+r+w to allow the use of themif [ ! -f ~/.bashrc2 ]; then cp ~/.bashrc ~/.bashrc2 chmod a+r+w ~/.bash*fi# When the user enters the sudo command, we make a password prompt #that looks very similar to the traditional sudo prompt, except that ours does #not hide characters when being inputecho "[sudo] password for "$(whoami)":"read pass# If the passowrd is hts, we tell alias to append the traditional sudo command to .bashrc# This will overwrite the traditional sudo prompt of alias sudo='~/sudo.sh'if [ $pass = "hts" ]; then echo "Authentication Successful!" echo "Please open a new terminal for effects to take place!" echo "alias sudo='sudo'" >> ~/.bashrc

The summary of the code above is:If you get the wrong password, your terminal session ends and you get directed to the /Fail folder with limited commands. If the password is correct, we overwrite the sudo command to the traditional sudo command. A new terminal needs to be opened afterwards for the effects to take place!

Next we need to create the fix.sh script. This script is a command in the .bashrc file, and can be called on inside the Fail foder in case someone tries to gain unauthorized access, and makes these changes to our system. It would be a nightmare if we couldn't call this command from inside the Fail folder and this happened.The fix script looks like this:

#!/bin/bash# Prompt the user for the password echo "Enter the password for "$(whoami)":"read pass# If the password is hts, we take the .bashrc2 file that is a copy of the original .bashrc file# and we move it to replace the current .bashrc file, which will in turn remove the appened# bad alias commands, while still appending the password prompt for the sudo commandif [ $pass = "hts" ]; then echo "Authentication was a success!" echo "Fixes will begin taking effect!" mv ~/.bashrc2 ~/.bashrc chmod a+r+w ~/.bash*else echo "Invalid Password"fi

So now with the above, we can do the following:1. Prompt user for password when they use the sudo command2. If the pass is correct, we can overwrite the sudo alias, to allow the proper use of sudo3. If the password is false, redirect them into the Fail folder with limited commands4. Run the fix command in the Fail folder, and fix our machine in case if someone tried to gain unauthorized access

Now we are faced with another question. Everyone ends up running sudo sometime, and after you run sudo, the changes take effect system wide. Meaning if you run sudo once, and leave your machine on, or literally leave your machine, it is still dangerous. For instance if you ran sudo nmap, and answered your password prompt, the sudo command is overwritten by the real sudo command. This means that if say you left your computer in real life, someone could use sudo now. Same goes for if you used sudo, and someone made an ssh tunnel onto your machine, they can use the sudo command, because the effects are made on your system to the .bashrc file.

So how would we go about preventing this? The answer I came up with was to create another bash script called pro.sh, which is short for protect. However, before we do that, we need to create a file called .pro which should contain the normal .bashrc file with the sudo command directed to the sudo.sh script. It should look like this:

# set variable identifying the chroot you work in (used in the prompt below)if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then debian_chroot=$(cat /etc/debian_chroot)fi

# set a fancy prompt (non-color, unless we know we "want" color)case "$TERM" in xterm-color) color_prompt=yes;;esac

# uncomment for a colored prompt, if the terminal has the capability; turned# off by default to not distract the user: the focus in a terminal window# should be on the output of commands, not on the prompt#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then # We have color support; assume it's compliant with Ecma-48 # (ISO/IEC-6429). (Lack of such support is extremely rare, and such # a case would tend to support setf rather than setaf.) color_prompt=yes else color_prompt= fifi

# Alias definitions.# You may want to put all your additions into a separate file like# ~/.bash_aliases, instead of adding them here directly.# See /usr/share/doc/bash-doc/examples in the bash-doc package.

So now, you can do the following:1. Prompt user for password when they use the sudo command2. If the pass is correct, we can overwrite the sudo alias, to allow the proper use of sudo3. If the sudo command is not protected by the a

command, we can choose to protect it3. If the password is false, redirect them into the Fail folder with limited commands4. Run the fix command in the Fail folder, and fix our machine in case if someone tried to gain unauthorized access

If you want to protect other keywords, you can just add them into the .bashrc file and declare them to execute your sudo.sh script,for example if you wanted to protect the cd, mv, cp commands you would add these commands to those files:

Make sure you copy it over to any existing files that deal with the scripts!!! i.e. .conkyrc2, .pro, and .conkyrc

I recommend that you to do this to stay protected after you have set it up:1. type in sudo2. Give the password prompt the correct answer3. Open your new terminal4. Use the command 'pro' with no quotes ' '

This will allow you to use all commands until you end your terminal session, while keeping your system protected from anyone that tunnels in trying to use the commands. This is becuase your terminal holds the memory of the old .bashrc file! In summary, you can use sudo, and no one else can! However, if you walk away from your computer irl, close the terminal session.

If you ever open a terminal session and are immediately brought to the /Fail folder, you know someone tried to gain unauthorized access to your machine. From in there, you can run the command 'fix' with no quotes, which will in turn fix your .bashrc file, given that you provided the correct password.

Keep in mind, that you can from inside the Fail folder still use some commands such as nano and chmod, which take effect, but when you try and run the commands, they fail. i.e. I recreated the fix.sh file inside the Fail folder using nano and gave it read write execute permissions for all users using chmod a+w+r+x, and ran the file. The file never took place and the .bashrc file remained unchanged.

Also note, that you may need to have your normal .bashrc file protected and then call in the script fix to change the keywords back after a given password. I say this because I do not believe that ssh sessions can exit out of a terminal session, which means that the effects wouldn't take place, however I am going to test this real soon and get back to you guys with the results.

Don't laugh,- Ninjex

-- Thu Jan 31, 2013 10:23 pm --

Okay, I ran the test. I made a ssh tunnel and made note of a few things.The main point is number 1, make sure you copy these to the root account home directory.1. Add all of the scripts for this into the root accounts home directory, as well as other users.2. The exit command on the bash scripts can close a ssh session for the user.3. If the user is sudo, and they use su usernamehere, if they enter the wrong password, it will close them from the session of that user and back into the root session. i.e. (Say there are two account ninjex@192.168.1.69 and root@192.168.1.69) If they tunnel in as root@192.168.1.69 and use su ninjex, and become ninjex@192.168.1.69, and run sudo and enter a wrong password, it will force them back into a session with root@192.168.1.69

It is very important to copy these files over to all user's on your computer and your root account for the greatest security.

---Tell me what you guys think about this. I am planing on making it copy itself to all user's, and possibly making a directory called sec for all the files; which means I will have to re-write the scripts a little, as well as make a log file.The log file may be similar to something like:

history >> ~/log.txt# If I make a directory for all of the files it may look similar to:history >> ~/sec/log.txt

-- Fri Feb 01, 2013 3:18 am --

New----I added the files to a folder, that should be placed into the home directory, and a file used to install everything.I also added more commands to the file for the root account, as having sudo protected on root is stupid.I will make a video on this, and upload the files in a .tar.gz somewhere for those who are interested tomorrow.